openwrt/staging/lynxis.git
7 years agosunxi: backport the stmmac driver from kernel 4.13
Hauke Mehrtens [Thu, 21 Sep 2017 20:10:08 +0000 (22:10 +0200)]
sunxi: backport the stmmac driver from kernel 4.13

This adds support for the GMAC which is use in the A64 and other
Allwinner chips by backporting the changes from the kernel versions
4.13.

Some commits are not backported which are adding support for newly
introduced APIs which are not available in kernel 4.9.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7 years agomac80211: update to backports-4.14-rc2
Hauke Mehrtens [Tue, 22 Aug 2017 21:59:48 +0000 (23:59 +0200)]
mac80211: update to backports-4.14-rc2

This updates mac80211 to backprots-4.14-rc2.
This was compile and runtime tested with ath9k, ath10k and b43
with multiple stations and ieee80211w and in different scenarios by many
other people.

To create the backports-4.14-rc2-1.tar.xz use this repository:
https://git.kernel.org/pub/scm/linux/kernel/git/backports/backports.git
from tag v4.14-rc2-1

Then run this:
./gentree.py --git-revision v4.14-rc2 --clean  <path to linux repo> ../backports-4.14-rc2-1

This also adapts the ath10k-ct and mt76 driver to the changed cfg80211
APIs and syncs the nl80211.h file in iw with the new version from
backports-4.14-rc2.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7 years agosunxi: improve A20 Lime2 upload speed
Lucian Cristian [Fri, 29 Sep 2017 19:29:59 +0000 (22:29 +0300)]
sunxi: improve A20 Lime2 upload speed

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
7 years agotoolchain/fortify-headers: Update to 0.9
Daniel Engberg [Fri, 29 Sep 2017 21:10:10 +0000 (23:10 +0200)]
toolchain/fortify-headers: Update to 0.9

Update fortify-headers to 0.9

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
7 years agotools/mm-macros: Update to 0.9.11
Daniel Engberg [Fri, 29 Sep 2017 21:12:40 +0000 (23:12 +0200)]
tools/mm-macros: Update to 0.9.11

Update mm-macros to 0.9.11

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
7 years agotools/mpfr: Update to 3.1.6
Daniel Engberg [Fri, 29 Sep 2017 21:14:27 +0000 (23:14 +0200)]
tools/mpfr: Update to 3.1.6

Update mpfr to 3.1.6

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
7 years agopackage/utils/f2fs-tools: Update to 1.9.0
Daniel Engberg [Fri, 29 Sep 2017 21:38:12 +0000 (23:38 +0200)]
package/utils/f2fs-tools: Update to 1.9.0

Update f2fs-tools to 1.9.0
Remove patch as its been committed upstream

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
7 years agoutil-linux: update to 2.30.2
Ryan Mounce [Fri, 22 Sep 2017 04:42:28 +0000 (14:12 +0930)]
util-linux: update to 2.30.2

Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
7 years agotools/cmake: Update to 3.9.3
Daniel Engberg [Sat, 30 Sep 2017 09:00:32 +0000 (11:00 +0200)]
tools/cmake: Update to 3.9.3

Update CMake to 3.9.3
Remove FreeBSD patch (not needed)
Rearrage and update patches

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
7 years agobase-files: create /etc/config/ directory
Hauke Mehrtens [Sat, 30 Sep 2017 11:50:44 +0000 (13:50 +0200)]
base-files: create /etc/config/ directory

The /bin/config_generate script and some other scripts are assuming the
/etc/config directory exists in the image. This is true in case for
example the package firewall, dropbear or dnsmasq are included, which
are adding the files under /etc/config/. Without any of these package
the system will not boot up fully because the /etc/config/ directory is
missing and some init scripts just fail.

Make sure all images with the base-files contain a /etc/config/
directory.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: John Crispin <john@phrozen.org>
7 years agoltq-vdsl-mei: revert disable optimized firmware download
Mathias Kresin [Fri, 29 Sep 2017 06:45:13 +0000 (08:45 +0200)]
ltq-vdsl-mei: revert disable optimized firmware download

This reverts commit b428f45c062dc8ca8c2f35f491fa467dc5b85519.

If the optimized firmware download is disabled, the xdsl subsystem
hangs in the "idle request" state after physically disconnecting and
reconnecting the xdsl modem from the line.

It might fix the failing line init on boot as well.

Signed-off-by: Mathias Kresin <dev@kresin.me>
7 years agoiw: fix build on musl host
Stijn Tintel [Fri, 29 Sep 2017 06:26:00 +0000 (09:26 +0300)]
iw: fix build on musl host

The empty version.sh script causes a problem when run by make:
make[3]: /usr/bin/env bash: Shell program not found

Adding a shebang line in version.sh seems to solve it.

Fixes FS#977.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
7 years agoutil-linux: avoid using the getrandom syscall
Felix Fietkau [Fri, 29 Sep 2017 10:30:52 +0000 (12:30 +0200)]
util-linux: avoid using the getrandom syscall

getrandom blocks until the random pool is being initialized.
Unfortunately, this code is being called early during init to create the
overlay filesystem, on some devices leaving little chance for a
successful random pool init.
True randomness is not that important here, so fix this issue by
sticking to using /dev/urandom, like in older versions of this code.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agokernel: update 4.4 to 4.4.89
Kevin Darbyshire-Bryant [Thu, 28 Sep 2017 09:39:05 +0000 (10:39 +0100)]
kernel: update 4.4 to 4.4.89

Refresh patches.
Compile & run tested on ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
7 years agogdb: bump to 8.0.1
Stijn Tintel [Mon, 25 Sep 2017 05:45:10 +0000 (08:45 +0300)]
gdb: bump to 8.0.1

Add -static-libstdc++ to TARGET_LDFLAGS to avoid a hard dependency on
libstdc++, and -Wl,--gc-sections to further reduce the size on platforms
that support it.

Fixes CVE-2017-9778.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
7 years agotoolchain/gdb: update to version 8.0.1
Ryan Mounce [Sun, 6 Aug 2017 04:52:18 +0000 (14:22 +0930)]
toolchain/gdb: update to version 8.0.1

Fixes CVE-2017-9778.

Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
[reference fixed CVE]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
7 years agomt76: update to the latest version, improves mt7603 stability
Felix Fietkau [Thu, 28 Sep 2017 20:57:32 +0000 (22:57 +0200)]
mt76: update to the latest version, improves mt7603 stability

cb83f33 mt7603: mac: fix logic in mt7603_tx_hang()
21f20b4 mt7603: mac: fix register configuration in mt7603_rx_dma_busy()
d5e945e mt7603: mcu: fix indentation of mcu command definition

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agolinux-firmware: fix intel wireless-n 100 firmware package name
Felix Fietkau [Thu, 28 Sep 2017 20:51:48 +0000 (22:51 +0200)]
linux-firmware: fix intel wireless-n 100 firmware package name

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agohostapd: add support for accessing 802.11k neighbor report elements via ubus
Felix Fietkau [Tue, 4 Jul 2017 12:45:10 +0000 (14:45 +0200)]
hostapd: add support for accessing 802.11k neighbor report elements via ubus

This API can be used to distribute neighbor report entries across
multiple APs on the same LAN.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agohostapd: add support for specifying device config options directly in uci
Felix Fietkau [Sun, 7 May 2017 10:37:00 +0000 (12:37 +0200)]
hostapd: add support for specifying device config options directly in uci

This is useful for tuning some more exotic parameters where it doesn't
make sense to attempt to cover everything in uci directly

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agoar71xx: unify CONFIG_CMDLINE
Felix Fietkau [Tue, 18 Jul 2017 13:58:08 +0000 (15:58 +0200)]
ar71xx: unify CONFIG_CMDLINE

Booting from jffs2 directly is no longer supported, use
rootfstype=squashfs consistently for all subtargets

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agodropbear: make ssh compression support configurable
Marcin Jurkowski [Fri, 30 Jun 2017 11:13:50 +0000 (13:13 +0200)]
dropbear: make ssh compression support configurable

Adds config option to enable compression support which is usefull
when using a terminal sessions over a slow link. Impact on binary
size is negligible but additional 60 kB (uncompressed) is needed for
a shared zlib library.

Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
7 years agoumdns: update to latest git HEAD
John Crispin [Thu, 28 Sep 2017 07:27:39 +0000 (09:27 +0200)]
umdns: update to latest git HEAD

b84fdac Add debug output for service_timeout
8f7e3bc Remove incorrect comma in http service json config
9f40133 Remove ttl==255 restriction for queries

Signed-off-by: John Crispin <john@phrozen.org>
7 years agoramips: reduce napi_weight in the ethernet driver.
Rosen Penev [Tue, 19 Sep 2017 05:23:01 +0000 (22:23 -0700)]
ramips: reduce napi_weight in the ethernet driver.

Currently dmsg a weight of 128 which is above the kernel limit of 64. Silence the warning.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
7 years agoprocd: Install seccomp-trace symlink
Michal Sojka [Tue, 12 Sep 2017 11:12:50 +0000 (13:12 +0200)]
procd: Install seccomp-trace symlink

Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
7 years agoprocd: update to latest git HEAD
John Crispin [Thu, 28 Sep 2017 06:30:04 +0000 (08:30 +0200)]
procd: update to latest git HEAD

ee582d1 instance: properly compare and reload respawn config
260a4cd utrace: Start the tracee only after uloop initialization
520ad3c utrace: Switch all logging to ulog
1c48104 utrace: Support non-contiguous syscall numbers
582cf97 utrace: Forward SIGTERM to the traced process
32534f7 utrace: Report ptrace errors
ccde3fb seccomp: Improve error message
7f9b174 preload-seccomp: Use proper log level for error messages
e3c4302 Start seccomp-enabled services via seccomp-trace
5e4ad02 seccomp: Log seccomp violations with utrace
2661b2f utrace: Use PTHREAD_SEIZE instead of PTHREAD_TRACEME
b5d53c6 utrace: Deliver signals to traced processes
b416ed9 utrace: Support tracing multi-threaded processes and vfork
8b7d47a utrace: Trace processes across forks
c6b6ec6 utrace: Sort syscalls by number of invocations
592c532 Update trace attribute
c8faedc Do not disable seccomp when configuration is not found
017f3a1 utrace: Fix off-by-one errors
5acaf15 utrace: Fix environment initialization

Signed-off-by: John Crispin <john@phrozen.org>
7 years agoramips: mt7621: add MT29F2G08ABAE NAND flash support
Roman Yeryomin [Sun, 17 Sep 2017 20:17:27 +0000 (23:17 +0300)]
ramips: mt7621: add MT29F2G08ABAE NAND flash support

Signed-off-by: Roman Yeryomin <roman@advem.lv>
7 years agoramips: improve Xiaomi Mi Router 3G support
Kevin Darbyshire-Bryant [Mon, 25 Sep 2017 19:41:13 +0000 (20:41 +0100)]
ramips: improve Xiaomi Mi Router 3G support

This commit improves support for the Xiaomi Mi Router 3G originally
added in commit 6e283cdc0da25928f8148805ebef7f8f2b769ee8

Improvements:

- Remove software watchdog as hardware watchdog now working as per
  commit 3fbf3ab44f5cebb22e30a4c8681b13341feed6a6 for all mt7621
  devices.

- Reset button polarity corrected - length of press determines reboot
  (short press) vs. reset to defaults (long press) behaviour.

- Enable GPIO amber switch port LEDs on board rear - lit indicates 1Gbit
  link and blink on activity.  Green LEDs driven directly by switch
  indicating any link speed and tx activity.

- USB port power on/off GPIO exposed as 'usbpower'

- Add access to uboot environment settings for checking/setting uboot
  boot order preference from user space.

Changes:

- Front LED indicator is physically made of independent Yellow/Amber,
  Red & Blue LEDs combined via a plastic 'lightpipe' to a front panel
  indicator, hence the colour behaviour is similar to an RGB LED. RGB
  LEDs are not supported at this time because they produce colour results
  that do not then match colour labels, e.g. enabling 'mir3g:red' and
  'mir3g:blue' would result in a purple indicator and we have no such
  label for purple.
  The yellow, red & blue LEDs have been split out as individual yellow,
  red & blue status LEDs, with yellow being the default status LED as
  before and with red's WAN and blue's USB default associations removed.

- Swapped order of vlan interfaces (eth0.1 & eth0.2) to match stock vlan
  layout. eth0.1 is LAN, eth0.2 is WAN

- Add 'lwlll' vlan layout to mt7530 switch driver to prevent packet
  leakage between kernel switch init and uci swconfig

uboot behaviour & system 'recovery'

uboot expects to find bootable kernels at nand addresses 0x200000 &
0x600000 known by uboot as "system 1" and "system 2" respectively.
uboot chooses which system to hand control to based on 3 environment
variables: flag_last_success, flag_try_sys1_failed & flag_try_sys2_failed

last_success represents a preference for a particular system and is set
to 0 for system 1, set to 1 for system 2.  last_success is considered *if*
and only if both try_sys'n'_failed flags are 0 (ie. unset) If *either*
failed flags are set then uboot will attempt to hand control to the
non failed system. If both failed flags are set then uboot will check
the uImage CRC of system 1 and hand control to it if ok.  If the uImage
CRC of system is not ok, uboot will hand control to system 2
irrespective of system 2's uImage CRC.

NOTE: uboot only ever sets failed flags, it *never* clears them. uboot
sets a system's failed flag if that system's was selected for boot but
the uImage CRC is incorrect.

Fortunately with serial console access, uboot provides the ability to
boot an initramfs image transferred via tftp, similarly an image may
be flashed to nand however it will flash to *both* kernels so a backup
of stock kernel image is suggested. Note that the suggested install
procedure below set's system 1's failed flag (stock) thus uboot ignores
the last_success preference and boots LEDE located in system 2.

Considerable thought has gone into whether LEDE should replace both
kernels, only one (and which one) etc. LEDE kernels do not include a
minimal rootfs and thus unlike the stock kernel cannot include a
method of controlling uboot environment variables in the event of
rootfs mount failure. Similarly uboot fails to provide an external
mechanism for indicating boot system failure.

Installation - from stock.

Installation through telnet/ssh:
- copy lede-ramips-mt7621-mir3g-squashfs-kernel1.bin and
  lede-ramips-mt7621-mir3g-squashfs-rootfs0.bin to usb disk or wget it
  from LEDE download site to /tmp
- switch to /extdisks/sda1/ (if copied to USB drive) or to /tmp if
  wgetted from LEDE download site
- run: mtd write lede-ramips-mt7621-mir3g-squashfs-kernel1.bin kernel1
- run: mtd write lede-ramips-mt7621-mir3g-squashfs-rootfs0.bin rootfs0
- run: nvram set flag_try_sys1_failed=1
- run: nvram commit
- run: reboot

Recovery - to stock.

Assuming you used the above installation instructions you will have a
stock kernel image in system 1. If it can be booted then it may be used
to perform a stock firmware recovery, thus erasing LEDE completely. From
a 'working' LEDE state (even failsafe)

Failsafe only:
- run: mount_root
- run: sh /etc/uci-defaults/30_uboot-envtools
Then do the steps for 'All'

All:
- run: fw_setenv flag_try_sys2_failed 1
- run: reboot

The board will reboot into system 1 (stock basic kernel) and wait with
system red light slowly blinking for a FAT formatted usb stick with a
recovery image to be inserted.  Press and hold the reset button for
around 1 second. Status LED will turn yellow during recovery and blue
when recovery complete.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
7 years agoramips: RT5350F-OLINUXINO: enable ttyS1
Zoltan Gyarmati [Tue, 19 Sep 2017 21:59:56 +0000 (23:59 +0200)]
ramips: RT5350F-OLINUXINO: enable ttyS1

The RT5350F's second UART pins are available on the base module and on
the EVB as well, so enable it in the device tree.
 In order to keep the origian serial port numbering (ttyS0 is the serial
console), aliases added for the UART devices.

Signed-off-by: Zoltan Gyarmati <mr.zoltan.gyarmati@gmail.com>
7 years agoramips: RT5350F-OLINUXINO: enable i2c
Zoltan Gyarmati [Tue, 19 Sep 2017 21:59:55 +0000 (23:59 +0200)]
ramips: RT5350F-OLINUXINO: enable i2c

The RT5350F i2c pins is available on the base module and on
the EVB as well, so enable it in the dts.

Signed-off-by: Zoltan Gyarmati <mr.zoltan.gyarmati@gmail.com>
7 years agoramips: RT5350F-OLINUXINO: invert WiFi LED polarity
Zoltan Gyarmati [Tue, 19 Sep 2017 21:59:54 +0000 (23:59 +0200)]
ramips: RT5350F-OLINUXINO: invert WiFi LED polarity

The polarity of WLAN_ACT LED on the base module needs to inverted
in order to be 'on' when the WiFi interface is active

Signed-off-by: Zoltan Gyarmati <mr.zoltan.gyarmati@gmail.com>
7 years agoramips: introduce RT5350F-OLINUXINO.dtsi
Zoltan Gyarmati [Tue, 19 Sep 2017 21:59:53 +0000 (23:59 +0200)]
ramips: introduce RT5350F-OLINUXINO.dtsi

The RT5350F-OLINUXINO(-EVB).dts files' content are nearly the same, so to avoid
code duplication this patch creates RT5350F-OLINUXINO.dtsi file which
covers the base board's features. The corresponding RT5350F-OLINUXINO.dts
just includes the new .dtsi and the RT5350F-OLINUXINO-EVB.dts adds the EVB
specific GPIO config.

Signed-off-by: Zoltan Gyarmati <mr.zoltan.gyarmati@gmail.com>
7 years agoramips: add 'lwlll' portmap to mt7530 switch
Kevin Darbyshire-Bryant [Mon, 25 Sep 2017 19:38:18 +0000 (20:38 +0100)]
ramips: add 'lwlll' portmap to mt7530 switch

The Xiaomi Mi Router 3G uses this deranged vlan portmap. Add support so
that packets are not leaked across all switch ports when reset.

Fix a whitespace nit while we're here.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
[fix wrong pvids order]
Signed-off-by: Mathias Kresin <dev@kresin.me>
7 years agoramips: mt7621: fix failsafe mode networking
Kevin Darbyshire-Bryant [Mon, 25 Sep 2017 14:24:38 +0000 (15:24 +0100)]
ramips: mt7621: fix failsafe mode networking

Disable VLANs on mt7621 boards with mt7530 switches on failsafe entry.

Allows failsafe networking to work correctly.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
[fixed default case syntax error]
Signed-off-by: Mathias Kresin <dev@kresin.me>
7 years agoltq-vdsl-mei: disable optimized firmware download
Mathias Kresin [Wed, 27 Sep 2017 04:52:43 +0000 (06:52 +0200)]
ltq-vdsl-mei: disable optimized firmware download

With ltq-vdsl-mei 1.5.17.6 an optimized firmware download was added and
enabled by default. As soon as the optimized firmware download is
enabled, a watchdog based reboot is trigger between 24h to 48h of
uptime if the board isn't connected to a xdsl line.

Signed-off-by: Mathias Kresin <dev@kresin.me>
7 years agoltq-vdsl: fix PM thread suspend and resume handling
Martin Schiller [Tue, 26 Sep 2017 05:56:55 +0000 (07:56 +0200)]
ltq-vdsl: fix PM thread suspend and resume handling

This is a backport form drv_dsl_cpe_api-4.18.10 and fixes some PM
thread handling issues which lead to high system load and watchdog
trigger within 1h of uptime for boards not connected to a xdsl line.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
7 years agoopenvpn: update to 2.4.4
Magnus Kroken [Wed, 27 Sep 2017 17:45:32 +0000 (19:45 +0200)]
openvpn: update to 2.4.4

Fixes CVE-2017-12166: out of bounds write in key-method 1.

Remove the mirror that was temporarily added during the
2.4.3 release.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
7 years agokernel: update 4.9 to 4.9.52
Stijn Tintel [Wed, 27 Sep 2017 21:19:49 +0000 (00:19 +0300)]
kernel: update 4.9 to 4.9.52

Refresh patches.
Compile-tested on x86/64.
Runtime-tested on x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
7 years agohostapd: update wpa_supplicant p2p config
Lorenzo Santina [Wed, 27 Sep 2017 09:21:53 +0000 (11:21 +0200)]
hostapd: update wpa_supplicant p2p config

Update the config file to the latest version.

Added CONFIG_EAP_FAST=y because it was the only
missing flag about EAP compared to full config.

Removed NEED_80211_COMMON flag because it is not part
of config file, it is set by the hostapd upstream Makefile.

Other flags are the same as before.

Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
[add punctuation to commit msg]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
7 years agohostapd: update wpa_supplicant mini config
Lorenzo Santina [Wed, 27 Sep 2017 09:15:42 +0000 (11:15 +0200)]
hostapd: update wpa_supplicant mini config

Update the config file to the latest version.
Enabled flags are the same as before.

Removed NEED_80211_COMMON flag because it is not part
of config file, it is set by the hostapd upstream Makefile.

Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
[add punctuation to commit msg]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
7 years agohostapd: update wpa_supplicant full config
Lorenzo Santina [Wed, 27 Sep 2017 09:09:06 +0000 (11:09 +0200)]
hostapd: update wpa_supplicant full config

Update the config file to the latest version.
Enabled flags are the same as before.

Commented CONFIG_IEEE80211W=y flag because it is
set in the Makefile, only if the driver supports it.

Removed NEED_80211_COMMON flag because it is not part
of config file, it is set by the hostapd upstream Makefile.

Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
[add punctuation to commit msg]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
7 years agohostapd: update hostapd mini config
Lorenzo Santina [Mon, 25 Sep 2017 18:10:57 +0000 (20:10 +0200)]
hostapd: update hostapd mini config

Update the config file to the latest version.
Enabled flags are the same as before.

Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
[add punctuation to commit msg]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
7 years agohostapd: update hostapd full config
Lorenzo Santina [Mon, 25 Sep 2017 17:02:09 +0000 (19:02 +0200)]
hostapd: update hostapd full config

Update the config file to the latest version.
Enabled flags are the same as before.

Removed flag CONFIG_WPS2 because it is no more
needed due to this changelog (2014-06-04 - v2.2):
"remove WPS 1.0 only support, i.e., WSC 2.0
support is now enabled whenever CONFIG_WPS=y is set".

Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
[add punctuation to commit msg]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
7 years agocurl: fix disable threaded resolver
Hans Dedecker [Wed, 27 Sep 2017 15:22:44 +0000 (17:22 +0200)]
curl: fix disable threaded resolver

Bump to 7.55.1 broke the disable threaded resolver feature as reported
in https://github.com/curl/curl/issues/1784.
As a result curl is always compiled with the threaded resolver feature
enabled which causes a dependency issue on pthread for uclibc.
Fix this issue by backporting the upstream curl commit which fixes
disable threaded resolver.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years agoipset: replace patch that was reverted upstream
Stijn Tintel [Tue, 26 Sep 2017 15:13:18 +0000 (18:13 +0300)]
ipset: replace patch that was reverted upstream

Use the correct prefix for backports while at it.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
7 years agoRevert "brcm47xx: Fix sysupgrade with E1200v1"
Hauke Mehrtens [Mon, 25 Sep 2017 21:04:09 +0000 (23:04 +0200)]
Revert "brcm47xx: Fix sysupgrade with E1200v1"

This reverts commit 31e9445b7e614f54daa0caf3148e223d088311ab.

"Linksys E1200 V1" is not a valid board name, as the brcm47xx arch code
can not detect this device. Stefan Lippers-Hollmann also found a typo in
this patch "cybetran" instead of "cybertan".

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7 years agouboot-mvebu: add OpenSSL compat patches
Marko Ratkaj [Mon, 25 Sep 2017 11:22:20 +0000 (13:22 +0200)]
uboot-mvebu: add OpenSSL compat patches

Fixes the following build issue: "undefined reference to `EVP_MD_CTX_create'"

From: Jelle van der Waa <jelle@vdwaa.nl>

The rsa_st struct has been made opaque in 1.1.x, add forward compatible
code to access the n, e, d members of rsa_struct.

EVP_MD_CTX_cleanup has been removed in 1.1.x and EVP_MD_CTX_reset should be
called to reinitialise an already created structure.

Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
7 years agouboot-mvebu: fix SETEXPR redefinition warning
Marko Ratkaj [Mon, 25 Sep 2017 10:32:22 +0000 (12:32 +0200)]
uboot-mvebu: fix SETEXPR redefinition warning

Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
7 years agouboot-mvebu: add missing UBOOT_MAKE_FLAGS variable
Marko Ratkaj [Mon, 25 Sep 2017 10:28:52 +0000 (12:28 +0200)]
uboot-mvebu: add missing UBOOT_MAKE_FLAGS variable

This patch removes "/bin/sh: HOSTCPPFLAGS: command not found" errors douring build.

Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
7 years agoRevert "toolchain/gdb: update to version 8.0.1"
Stijn Tintel [Mon, 25 Sep 2017 20:16:37 +0000 (23:16 +0300)]
Revert "toolchain/gdb: update to version 8.0.1"

Since version 8.0, gdb requires at least gcc 4.8. Unfortunately some of
the buildbot slaves don't meet this requirement, and fail to build LEDE
after the gdb upgrade. Revert to the previous gdb version for now.

This reverts commit 592abe9ef53f921554d48085d6482d4507b3e142.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
7 years agosamba36: add Package/samba/Default
Stijn Tintel [Sun, 12 Mar 2017 02:09:36 +0000 (03:09 +0100)]
samba36: add Package/samba/Default

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
7 years agoipset: bump to 6.34
Stijn Tintel [Mon, 25 Sep 2017 02:55:27 +0000 (05:55 +0300)]
ipset: bump to 6.34

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
7 years agotoolchain/gdb: update to version 8.0.1
Ryan Mounce [Sun, 6 Aug 2017 04:52:18 +0000 (14:22 +0930)]
toolchain/gdb: update to version 8.0.1

Fixes CVE-2017-9778.

Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
[reference fixed CVE]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
7 years agocurl: bump to 7.55.1
Stijn Tintel [Mon, 25 Sep 2017 03:00:51 +0000 (06:00 +0300)]
curl: bump to 7.55.1

Update 200-no_docs_tests.patch.
Refresh patches.

Fixes the following CVEs:
- CVE-2017-1000099
- CVE-2017-1000100
- CVE-2017-1000101

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
7 years agoiperf: bump to 2.0.10
Stijn Tintel [Mon, 25 Sep 2017 02:59:23 +0000 (05:59 +0300)]
iperf: bump to 2.0.10

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
7 years agobrcm47xx: Fix sysupgrade with E1200v1
Rosen Penev [Fri, 15 Sep 2017 23:09:19 +0000 (16:09 -0700)]
brcm47xx: Fix sysupgrade with E1200v1

Entry was missing for some reason.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
7 years agosunxi: add Olimex A20-OLinuXino-LIME2-eMMC
Lucian Cristian [Mon, 18 Sep 2017 22:13:44 +0000 (01:13 +0300)]
sunxi: add Olimex A20-OLinuXino-LIME2-eMMC

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
[replaced u-boot patch with original version from u-boot git]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7 years agotools: flex: fix segfault with glibc 2.26+
Marko Ratkaj [Tue, 19 Sep 2017 07:35:39 +0000 (09:35 +0200)]
tools: flex: fix segfault with glibc 2.26+

Fix segmentation fault caused by implicit declaration of function 'reallocarray'. Added patch will enable
reallocarray() prototype in glibc 2.26+ on Linux systems. This fix will be included in flex 2.6.5.

Fixes LEDE issue: FS#1003 (Flex does not build with GCC 7.2)

Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
7 years agokernel: don't scrimp on memory on big iron
Philip Prindeville [Tue, 19 Sep 2017 23:49:13 +0000 (17:49 -0600)]
kernel: don't scrimp on memory on big iron

x86_64 platforms typically don't lack memory, so don't needlessly
economize memory if fq_codel on capable platforms.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
[Add a comment to the patch]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7 years agokernel: kmod-usb-storage-uas
James Christopher Adduono [Wed, 20 Sep 2017 05:30:45 +0000 (01:30 -0400)]
kernel: kmod-usb-storage-uas

This will allow you to build and package the uas.ko module.
With more routers supporting USB 3.0 host this could help
speed up activities like DLNA and Samba, as well as reduce
CPU utilization over BOT mass storage drivers.

Signed-off-by: James Christopher Adduono <jc@adduono.com>
7 years agoramips: fix missing mediatek wdt
Kevin Darbyshire-Bryant [Wed, 20 Sep 2017 14:10:42 +0000 (15:10 +0100)]
ramips: fix missing mediatek wdt

mediatek MT7621 soc watchdog DTS id was renamed from "mtk,mt7621-wdt" to
"mediatek,mt7621-wdt" when driver upstreamed to kernel 4.5

Update mt7621.dtsi & mt7628an.dtsi definitions to match upstreamed
kernel.

Restores hardward watchdog functionality on mt7621 devices under linux
4.9

Tested on: MIR3G

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
7 years agouhttp: update to latest version
Adrian Panella [Tue, 12 Sep 2017 18:29:09 +0000 (13:29 -0500)]
uhttp: update to latest version

3fd58e9 2017-08-19 uhttpd: add manifest support
88c0b4b 2017-07-09 file: fix basic auth regression
99957f6 2017-07-02 file: remove unused "auth" member from struct
path_info
c0a569d 2017-07-02 proc: expose HTTP_AUTH_USER and HTTP_AUTH_PASS
ad93be7 2017-07-02 auth: store parsed username and password
fa51d7f 2017-07-02 proc: do not declare empty process variables
a8bf9c0 2017-01-26 uhttpd: Add TCP_FASTOPEN support
e6cfc91 2016-10-25 lua: ensure that PATH_INFO starts with a slash

Signed-off-by: Adrian Panella <ianchi74@outlook.com>
7 years agolibubox: fix uloop race condition
Hans Dedecker [Thu, 21 Sep 2017 20:42:28 +0000 (22:42 +0200)]
libubox: fix uloop race condition

7a10576 uloop: Fix race condition in SIGCHLD handling

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years agokernel: update 4.9 to 4.9.51
Stijn Tintel [Wed, 20 Sep 2017 20:18:24 +0000 (23:18 +0300)]
kernel: update 4.9 to 4.9.51

Refresh patches.
Compile-tested on octeon and x86/64.
Runtime-tested on octeon and x86/64.

Fixes the following CVEs:
- CVE-2017-14106
- CVE-2017-14497

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
7 years agoarm-trusted-firmware-sunxi: depend on sunxi target
Stijn Tintel [Tue, 19 Sep 2017 18:34:47 +0000 (21:34 +0300)]
arm-trusted-firmware-sunxi: depend on sunxi target

The arm-trusted-firmware-sunxi package is only used by the Allwinner
A64, so only make it selectable for its subtarget sunxi/cortexa53.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-by: Jonas Gorski <jonas.gorski@gmail.com>
7 years agoat91bootstrap: New package at91bootstrap
Sandeep Sheriker Mallikarjun [Wed, 13 Sep 2017 18:51:23 +0000 (11:51 -0700)]
at91bootstrap: New package at91bootstrap

at91bootstrap is a second-level bootloader for Microchip(Atmel AT91) SoCs.
It provides a set of algorithms to manage the hardware initialization and
to download the main application or a third-level bootloader(i.e. uboot)
from specified boot media to main memory and execute it.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
7 years agouboot-at91: Add support for SAMA5D4 Xplained board
Sandeep Sheriker Mallikarjun [Wed, 13 Sep 2017 18:51:22 +0000 (11:51 -0700)]
uboot-at91: Add support for SAMA5D4 Xplained board

Add support for SAMA5D4 Xplained board and options to select & build
u-boot configs for different media storage.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
7 years agouboot-at91: Add support for SAMA5D2 Xplained board
Sandeep Sheriker Mallikarjun [Wed, 13 Sep 2017 18:51:21 +0000 (11:51 -0700)]
uboot-at91: Add support for SAMA5D2 Xplained board

Add support for SAMA5D2 Xplained board and options to select & build
u-boot configs for different media storage.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
7 years agouboot-at91: Add support for SAMA5D3 Xplained board
Sandeep Sheriker Mallikarjun [Wed, 13 Sep 2017 18:51:20 +0000 (11:51 -0700)]
uboot-at91: Add support for SAMA5D3 Xplained board

Add support for SAMA5D3 Xplained board and options to select & build
u-boot configs for different media storage.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
7 years agouboot-at91: move BUILD_SUBTARGET from U-Boot/Default to devices
Sandeep Sheriker Mallikarjun [Wed, 13 Sep 2017 18:51:19 +0000 (11:51 -0700)]
uboot-at91: move BUILD_SUBTARGET from U-Boot/Default to devices

currenlty U-Boot/Default supports only at91 legacy devices.To add
sama5 support, moving BUILD_SUBTARGET from U-Boot/Default to target
devices.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
7 years agoat91: Add UBI parameters for sama5d4.
Sandeep Sheriker Mallikarjun [Wed, 13 Sep 2017 18:51:18 +0000 (11:51 -0700)]
at91: Add UBI parameters for sama5d4.

Add UBIFS_OPTS & UBINIZE_OPTS parameters for sama5d4 Xplained board.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
7 years agoat91: Add SAMA5D4 device
Sandeep Sheriker Mallikarjun [Wed, 13 Sep 2017 18:51:17 +0000 (11:51 -0700)]
at91: Add SAMA5D4 device

Add support for SAMA5D4 with target device as at91-sama5d4_xplained
in SAMA5 subtarget and build images for SAMA5D4 Xplained board.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
7 years agoat91: Add SAMA5D2 device
Sandeep Sheriker Mallikarjun [Wed, 13 Sep 2017 18:51:16 +0000 (11:51 -0700)]
at91: Add SAMA5D2 device

Add support for SAMA5D2 with target device as at91-sama5d2_xplained
in SAMA5 subtarget and build images for SAMA5D2 Xplained board.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
7 years agoat91: Install zImage.
Sandeep Sheriker Mallikarjun [Wed, 13 Sep 2017 18:51:15 +0000 (11:51 -0700)]
at91: Install zImage.

Installing zImage to bin folder of device target.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
7 years agobuild: add image command for installing zImage file.
Sandeep Sheriker Mallikarjun [Wed, 13 Sep 2017 18:51:14 +0000 (11:51 -0700)]
build: add image command for installing zImage file.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
7 years agoat91: Renaming subtarget sama5d3 to sama5
Sandeep Sheriker Mallikarjun [Wed, 13 Sep 2017 18:51:13 +0000 (11:51 -0700)]
at91: Renaming subtarget sama5d3 to sama5

Renaming at91 subtarget sama5d3 to sama5 and using at91-sama5d3_xplained
as a target device in sama5 subtarget.This will enable to add other
sama5d2 & sama5d4 target devices in sama5 subtraget.This will avoid
code duplication when sama5d2 & sama5d4 added as different subtarget.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
7 years agobuild: remove @ as it's causing an error
Philip Prindeville [Tue, 19 Sep 2017 21:17:09 +0000 (15:17 -0600)]
build: remove @ as it's causing an error

Since $(DownloadMethod/unknown) is being invoked in the expansion of
$(call locked ...) anyway, you can't have an @ because the shell
doesn't know what to do with it.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
7 years agoipq-wifi: fix missing define of PKG_NAME
Chen Minqiang [Wed, 20 Sep 2017 02:20:09 +0000 (10:20 +0800)]
ipq-wifi: fix missing define of PKG_NAME

Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
7 years agousbutils: avoid duplicating the git revision
Philip Prindeville [Tue, 19 Sep 2017 20:47:54 +0000 (14:47 -0600)]
usbutils: avoid duplicating the git revision

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
7 years agoopenvpn: add "extra-certs" option
Sven Roederer [Tue, 5 Sep 2017 16:27:02 +0000 (18:27 +0200)]
openvpn: add "extra-certs" option

This option is used to specify a file containing PEM certs, to complete the
local certificate chain. Which is quite usefull for "split-CA" setups.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
7 years agosunxi: add Olimex A20-OlinuXino-LIME2
Lucian Cristian [Fri, 19 May 2017 01:14:08 +0000 (04:14 +0300)]
sunxi: add Olimex A20-OlinuXino-LIME2

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
7 years agohostapd: ft_over_ds support
Lorenzo Santina [Sat, 16 Sep 2017 09:14:27 +0000 (11:14 +0200)]
hostapd: ft_over_ds support

Add support for ft_over_ds flag in ieee80211r

Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
7 years agohostapd: ft_psk_generate_local support
Lorenzo Santina [Sat, 16 Sep 2017 09:07:24 +0000 (11:07 +0200)]
hostapd: ft_psk_generate_local support

Add support for ft_psk_generate_local flag in ieee80211r

Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
[original author]
Signed-off-by: Sergio <mailbox@sergio.spb.ru>
7 years agoath10k-firmware: use firmware from git instead of extra download
Hauke Mehrtens [Sun, 17 Sep 2017 19:33:20 +0000 (21:33 +0200)]
ath10k-firmware: use firmware from git instead of extra download

Instead of manually downloading the files again we can also take the
same files directly from the ath10k-firmware git which was cloned
before.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7 years agosunxi: Add A64 support with cortex53 subtarget
Hauke Mehrtens [Sat, 15 Jul 2017 20:53:20 +0000 (22:53 +0200)]
sunxi: Add A64 support with cortex53 subtarget

This adds initial support for the A64 Allwinner SoC to LEDE.
It will be build in the new cortexa53 subtarget.

Currently it only supports the pine64 and the image is able to boot on
this SoC.

Camera, Ethernet, HDMI and other parts are currently not working.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7 years agosunxi: Backport patches from kernel 4.11 for A64
Hauke Mehrtens [Mon, 17 Jul 2017 20:48:31 +0000 (22:48 +0200)]
sunxi: Backport patches from kernel 4.11 for A64

This backports some more patches from kernel 4.11 adding more devices
to the device tree of the A64 SoC.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7 years agosunxi: Backport patches needed for A64
Hauke Mehrtens [Sat, 15 Jul 2017 20:50:41 +0000 (22:50 +0200)]
sunxi: Backport patches needed for A64

This backports multiple patches from kernel 4.10 which are adding
missing support for the A64 and the pine64 board. These are the device
tree files, the pinctlk and the clock driver.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7 years agouboot-sunxi: build A64 SoC and pine64 U-Boot
Hauke Mehrtens [Sat, 15 Jul 2017 20:53:35 +0000 (22:53 +0200)]
uboot-sunxi: build A64 SoC and pine64 U-Boot

This creates a U-Boot for the aarch64 SoC A64 on the pine64 board.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7 years agoarm-trusted-firmware-sunxi: add new package
Hauke Mehrtens [Sat, 15 Jul 2017 22:01:21 +0000 (00:01 +0200)]
arm-trusted-firmware-sunxi: add new package

This is needed for the Boot loader of the A64 SoC.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7 years agosunxi: split into cortex A8 and A7 subtarget
Hauke Mehrtens [Sat, 15 Jul 2017 18:35:57 +0000 (20:35 +0200)]
sunxi: split into cortex A8 and A7 subtarget

Now we can activate some compiler optimizations for the cortex A7.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7 years agosunxi: fix build of rtc package when module not available
Hauke Mehrtens [Sat, 15 Jul 2017 20:51:25 +0000 (22:51 +0200)]
sunxi: fix build of rtc package when module not available

If the Kconfig option CONFIG_RTC_DRV_SUNXI is not selected this package
should be be build.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7 years agouboot-sunxi: revert the usage of binman
Hauke Mehrtens [Thu, 20 Jul 2017 21:27:31 +0000 (23:27 +0200)]
uboot-sunxi: revert the usage of binman

This will avoid the usage of swig.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7 years agouboot-sunxi: do not depend on dtc being install on host
Hauke Mehrtens [Wed, 19 Jul 2017 20:46:34 +0000 (22:46 +0200)]
uboot-sunxi: do not depend on dtc being install on host

make mkimage check the DTC environment variable first.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7 years agouboot-sunxi: update to version 2017.07
Hauke Mehrtens [Sat, 15 Jul 2017 16:41:57 +0000 (18:41 +0200)]
uboot-sunxi: update to version 2017.07

The deleted patches are already integrated in the upstream U-Boot
version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7 years agosunxi: add support for kernel 4.9
Hauke Mehrtens [Sat, 15 Jul 2017 12:57:08 +0000 (14:57 +0200)]
sunxi: add support for kernel 4.9

Most of the patches were backpoprts from the mainline kernel and are
integrated upstream now.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7 years agokernel: add some config options
Hauke Mehrtens [Sat, 15 Jul 2017 13:57:29 +0000 (15:57 +0200)]
kernel: add some config options

These are needed for the sunxi target.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7 years agorb532: drop 4.4 support
Stijn Tintel [Mon, 18 Sep 2017 09:13:18 +0000 (12:13 +0300)]
rb532: drop 4.4 support

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
7 years agorb532: add myself as maintainer
Roman Yeryomin [Sun, 17 Sep 2017 18:35:19 +0000 (21:35 +0300)]
rb532: add myself as maintainer

Signed-off-by: Roman Yeryomin <roman@advem.lv>
7 years agorb532: switch to 4.9
Roman Yeryomin [Sun, 17 Sep 2017 18:34:36 +0000 (21:34 +0300)]
rb532: switch to 4.9

Signed-off-by: Roman Yeryomin <roman@advem.lv>
7 years agorb532: add support for 4.9
Roman Yeryomin [Sun, 17 Sep 2017 18:34:00 +0000 (21:34 +0300)]
rb532: add support for 4.9

Includes latest korina fixes.

Signed-off-by: Roman Yeryomin <roman@advem.lv>
[rewrite commit message (subject <= 50 characters)]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>